
Unauthorized Access: Reading Out Code-Protected One-Time Programmable Memory in Microchip PIC Microcontrollers

A newly uncovered exploit bypasses code protection in Microchip's PIC MCUs, permitting the One-Time Programmable (OTP) memory to be read out.


A new exploit known as PIC Burnout has been discovered that can read out the One-Time Programmable (OTP) memory of certain Microchip PIC microcontrollers (MCUs) even when code protection is enabled.

## How PIC Burnout Works

The PIC Burnout exploit works by manipulating the In-Circuit Serial Programming (ICSP) CLK pin to enter programming mode, then applying an excessively high programming voltage for a prolonged programming duration. This causes the flash bit lines to become stuck high, which allows previously inaccessible OTP data to be read out.

Under normal conditions, code-protected OTP memory returns scrambled data. However, by repeatedly applying the high voltage and checking for regions that normally read as zeros but now read proper data, the scrambling can be bypassed. Once the scrambling is circumvented, the OTP data can be read out, although the process is time-consuming and may require several attempts before a successful dump is obtained.

## Implications for Memory Cells

While the PIC Burnout method is non-invasive, meaning it doesn't physically alter the chip's structure, it does damage the memory contents during the readout process. This damage means that the OTP data can only be dumped once before it is 'burned out', rendering it unusable. Due to the damaging nature of the exploit, it is advisable to ensure that the dump is successful on the first attempt, as subsequent attempts may yield unreliable results or further damage the memory.

## Broader Implications

The exploit reveals vulnerabilities in the code protection mechanisms of certain PIC MCUs, which could have broader implications for security and reliability in applications where these chips are used. The discovery of PIC Burnout underscores the ongoing cat-and-mouse game between chip manufacturers and hackers, with each side continuously pushing the boundaries of security and innovation.

Special thanks to [DjBiohazard] for providing a tip related to the exploit process, and to [Prehistoricman] for developing the PIC Burnout exploit. An example of PIC Burnout is provided for the PIC16LC63A MCU. Note that knowledge of the exact scrambling method used by the device is still required after the exploit process in order to recover usable data from the dump.


In light of the PIC Burnout exploit, engineers relying on code protection in Microchip's PIC microcontrollers should be aware that the protection does not guarantee the confidentiality of OTP contents. Because the exploit damages the OTP memory contents during readout, a successful dump must be obtained on the first attempt; later attempts risk further damage and unreliable results.
